On Tue, 8 Mar 2005, Mark Wiater wrote:
So this is safe? Has anyone looked into the security aspects of very badly implemented HTTP Headers (and their Servers)?
I have tried to analyze the impacts of each workaround implemented, but recommends "relaxed_header_parser off" for the security minded even if this makes a large number of web sites inaccessible, especially so if you are in a cache hierarchy with other proxy brands or versions.
Regards Henrik
